Ransomware victim disclosure
← All victimsCELO
listed as celo.com · Claimed by Black Basta · listed 2 years ago
Status timeline
- ListedOct 29, 2024
- Data leakeddate unknown
At a glance
- Group
- Black Basta
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Oct 29, 2024
- Data size
- 250 GB
- Records
- 3. Account
About the victim
AI dossier — public-source company profileCELO is a global manufacturer of high-precision screws, fasteners, and fixing solutions for industrial and construction applications. The company operates multiple divisions (CELO Fasteners, CELO Fixings) and serves international customers with innovative assembly and installation products.
- Industry
- Industrial Fasteners & Fixings Manufacturing
- Address
- 2929 32nd St SE, Grand Rapids, Michigan 49512, United States
Attack summary
Severity: high — Confirmed exfiltration of 250 GB including sensitive PII (payroll, tax data, employee personal documents), financial records, and client information. No encryption mentioned, but data publication threat is explicit.Black Basta claims to have exfiltrated approximately 250 GB of data from CELO, including human resources, finance, accounting, payroll, tax documents, employee personal folders, and client information.
Data the group says was taken
AI dossier — extracted from the leak post- Human Resources records
- Finance data
- Accounting records
- Payroll information
- 401k and tax documents
- Employee personal folders and documents
- Client data
What the group claims
CELO is a brand dedicated to the design and manufacture of high-precision fixing and fastening solutions for the fields of industry and construction.SITE: www.celo.com Address : 2929 32nd St SE, Grand Rapids Michigan, 49512 United StatesALL DATA SIZE: ≈250gb 1. Human Resources 2. Finance data 3. Accounting 4. Payroll 5. 401k, Tax data 6. Users: Employees personal folders and docs 7. Clients & etc…
Sources
- Victim sitecelo.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

